Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

7

1647e74f8a...18.exe

windows7-x64

7

1647e74f8a...18.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    132s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    05/10/2024, 05:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1647e74f8a3277826ef5974d999a17ac_JaffaCakes118.exe

  • Size

    140KB

  • MD5

    1647e74f8a3277826ef5974d999a17ac

  • SHA1

    2b96d684f6a86f431226aba81c1c5bbad45f8fb8

  • SHA256

    bfc08a9cd81081ac2518e795bc3b86420a25958b52c5085ab6ba31dab8fed1c4

  • SHA512

    afe88d5746dee8cbaffe8fcf5c61b0f86190ab33a00d2b43771867a439f002384e4e3bcbf68d0c47c18771366768afa37048a41a0786fd33dfdcd469bf0ae40c

  • SSDEEP

    3072:s6r5Ifw06tL0AQzXFDmh0r0IWJsaOMGzw+Ua:s6ufwTtLLaFDw01aHGzw+U

Score
7/10
aspackv2discoverypersistence

Malware Config

Signatures

  • ASPack v2.12-2.42 1 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
    adwarespyware
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1647e74f8a3277826ef5974d999a17ac_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\1647e74f8a3277826ef5974d999a17ac_JaffaCakes118.exe"
    1⤵
    • Adds Run key to start application
    • System Location Discovery: System Language Discovery
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2112
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" http://www.youtube.com/watch?v=gOO_UqzEc5Y
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2392
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2392 CREDAT:275457 /prefetch:2
        3⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2248

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    914B

    MD5

    e4a68ac854ac5242460afd72481b2a44

    SHA1

    df3c24f9bfd666761b268073fe06d1cc8d4f82a4

    SHA256

    cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

    SHA512

    5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    1KB

    MD5

    a266bb7dcc38a562631361bbf61dd11b

    SHA1

    3b1efd3a66ea28b16697394703a72ca340a05bd5

    SHA256

    df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

    SHA512

    0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
    Filesize

    252B

    MD5

    c2fc574be7f8b238e1d73c258fc992de

    SHA1

    8f8ff204873cfce92dd28e0e0f63dc0748a7b8fe

    SHA256

    99d6ee740acc405b469b65d93693cf3aca712e20bd1f4a4dbdc81a817a3026f0

    SHA512

    637a39da82b6eaa3a4956d01326254ed10ace75f3a95112078bfe931869c9335402a185e597e7cc0f5166ce21919fa63c6e1df71166668890cf94f57c541fe72

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    473e5c0617818e366317011854c66f1b

    SHA1

    e50f08ff5422b532f0132b708c566dd236833ef4

    SHA256

    d5c908ecedfbbe6ba0856a07a46dafcfa9164cc06eee1e8f4ec26861636d10fa

    SHA512

    9e8fa6cb95081d9d23776ff62edf551b3e9e5b3cf57d977451db6e914361f38f00443fbc967fbd4517b9f8ce10a785dadbfa7954543c771aa53148e44641d06f

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    6af71716ca318b0fee3577849d1f94fa

    SHA1

    e8099d1e7f6ecf886ac65e9b07b1d87cf78357a0

    SHA256

    43e4270d66f347e7e6efe7ea8fc579f4e612fa80a744ecb4160e24a5ef6c163e

    SHA512

    312f574efce920627d2498580b06b359f7f16c01097e5a8e7effedb5fc40f3931c59507d2e261489e06d16cf8b4f7662f2618aeb684a1a6ccf85848b6e9c5825

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    73ec3c2bacdd588093f9c518c2e2cb7a

    SHA1

    e935c1733a3f5fb6a3558e53f937bb7dffc14720

    SHA256

    acd95d40432b8ffe6badb5add46251b2ce7bb9da7f0ec28ca6724836cc1bba20

    SHA512

    26b862b5a570428f661b63947b4957b58b58c0a80fd313776d1d5ae5c5150dc8af14b86a2e119c5bae05ede9d280c9b75b3bcb07dc68eafe0e7390aac1cb4b27

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5c77231674452c10a9f0f6cb37596188

    SHA1

    84e7b173f3b0aa49dd1ad604ae42996431085db9

    SHA256

    c73f9654ab3f3dd410b2280dfc25cace6b7a63aeb9e14456adb8a8b4269ae7c6

    SHA512

    b51de36304888f2eeb3edfc146676cef7319a468740d99259c70e2c8a37559a4f15b10f3a7c5065251116239c24d41a95a4aa48063141f8c974b9756230c4f24

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    09490ee3b81ede07e3cf83c6ab2193bf

    SHA1

    fd18e3ff478ddc7cacca6361833682d39096c0cd

    SHA256

    0b5aee668dbc60de7820b6b621620eb85c838501bfa767677b39a5aa478eb93c

    SHA512

    e51f4cbfdfb0599a119e6e1d2b82cedfcf8ea4a91c90811e92d71c2aceac616187174d53f8cf3de1c642f37c8621de05260f6bf5df63c436715cdb795fa5e3af

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    d6726195e1803bf274c358e15e107900

    SHA1

    fcc8b540e4166ea06ffe18d6d591d5e0ef7dc738

    SHA256

    2e632671404573e1780a6624739bf9fcf139e6bf0dcbc10c2c7921af4253c4bd

    SHA512

    38c149d473ef55ddc928cf247b1f438fb0b7fe715045e2c174ec7d06fcdc84e966db7c8568d3d970360a6e0621646d32dab1aae0fbd2a758221122026d432b51

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    fb4ecb26593bd3c88d74235d4fc40818

    SHA1

    92cad620b324cc8aeb3d64563bb892f637d4ca43

    SHA256

    4bbcfce1e67c88c63aa905797a7c9144737fb98c4c5762f3310d2c8cbaaa3da4

    SHA512

    f397122b1fbb498933921036a46a9f12faa6d0ca728e1c1e69ce668dfd3908fba4221bbdfde66652ac9d5b99a60d358b9454a58cee994cb406c9c2da0bc836b1

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    e05e1ae5e09b865a187446e06dd933de

    SHA1

    2ddebc73872bda461eab366835f662bad99d13ef

    SHA256

    1b6f981429dc2be0c84205e350520a1021208eb98d621777392af0626fce8470

    SHA512

    3376eb34c05aff67c4143d53faf4c10ce7d5df8b20c5bdf12c959270f9f6aac353e332348c5fdd7497de584a04c6abd5b70dfca92460a21b9a856ce84c8b41c5

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7220b827aac770e7ea2095e2631e3be4

    SHA1

    9b69f25f3cb917ba300827843fbbd0e621e59b7d

    SHA256

    e4a4d30d2a3ca413700fd281892664e9fe85ecfbbecb13602bdea9eb25421d0e

    SHA512

    6e415264c72c13a2c39181d689a737ad329d1c78a7a914207ca1afae878780b96f90400539275a39f268f3602a4a4f21a5ac8d9e1a66022401e511a29e457e34

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    39a7a4146b7ec282f0a247538f4a870b

    SHA1

    287702fdaf56eae1ff855991294f9a25d8a2a38a

    SHA256

    a40d36dfb631ed17241d4fd7618d2a291d613773aa85917ac30fc6c4f467f3cf

    SHA512

    8eaee2ad73052f242e550b378fc0fb6ed343b3afe1fb41e73fc606abb88efe78443692348d0b0209da46524498512dbbd391723ae40701c630be750ea25ba9e2

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    bf3c860618e4ed22ed703afb17fd3d9f

    SHA1

    b62a44846df92bdc66a1dcb140310d7c2cd8bcd8

    SHA256

    5c94fd4a266c0ebcfa2a444178957c415a04e297901b0dcf821a80e6c2088e98

    SHA512

    4a6bbd75e808b656824a5e3e8aeb32d4058f6cb513634ca7f88bd9fc585e5b704bed0837026c89030f485174dfd9bd5cfe8ad337e48bc69f4ecc03e8a72e69ff

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    3eadd2b91204c5730e741552ece44db8

    SHA1

    8a36af443782d46b147f9667554fd8add6638b56

    SHA256

    51c0439aa5d2a4d2c91d7567eb59cd473766865a86f2f2f100b773eeaf33ea36

    SHA512

    61c23a68cb718f7b512c6e8a699ade4bc93e2c5bbbcfa016347eeb391d49b0235b039aa87b65bbfb29e8ba504bb128cd7ff1f74e394b0ed0af60ac53dbc46f75

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    342e2d8ff34875d038e30c2874f7fd11

    SHA1

    9231a6a00fc0b5d7d07b5eda04734c0225c0800d

    SHA256

    6d42f51cc52a33e4f6606120ecd3f06637d58aa3c669f5364185196dedcea7b7

    SHA512

    a5213d43d2ea7a0d57237042ec021b94adefcc7124046c430a8ebdaf0a5abca2fe79b0891c3ece1bf79d811e6cf6344e55d7f69a0470dac853838fbd791fed99

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    754f581956ba1d650627dff222f06701

    SHA1

    21e8f7d112cc3d1c963a07dd5c3950475606ee10

    SHA256

    110260ff0a59647ea404d3189e56a288f007220044cd2c136d4dc61bcdccfc03

    SHA512

    a007a7afef24a37264fc5116f94d0f34410b588e5633d829b5ffe981ddfc2ebad0b08872e81b40aeff86e01b12201fd0158e68059f3091ef770d2c1a3fc905bc

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    8be59f35ba103d7f154894a198d8b6c2

    SHA1

    58846d8a25f9204b763dcfe87cb391b49f74582a

    SHA256

    849791fe4aac7f2f390e5cbce92a6ce54cb7cc97bd2a0da12f28e7861f0a2bdf

    SHA512

    5cb76338ebd2d3b8eeb248a451dc5f687f821991b8ef368060a5699155b157a50383d283a8025c6c681cf392f18f4d52d939ec6f865fa916d3221f78fba2a376

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    7323b37d5e09ca7348958709fe8e1e53

    SHA1

    16c61fb7f33a2ea221c85f826fa0e62e68c3438c

    SHA256

    5a4fa05f0d46478e51d3e58c3ea8bf2cd063f222f1be454fbbf334411acaf9ae

    SHA512

    66f6ed2191db56b2692fe12b98d6b825fe83b7464d40a50a0ca13a99a779da1c94ec46e72d76e9dcc66d7286b842c5672c4c77fe01ef563012224f8d534822fb

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    5b46937c9dff457c131993adbebc4fa2

    SHA1

    534217a6f35883c68a6b264c33565473cec7fb4d

    SHA256

    2048a0c4c7d7fbbfe0afe8a7ee7b92b6dd16bbbb2a032d13285071a17762ccc1

    SHA512

    8885ebff130ec63fd6f0aaf4692a713d6ef6b6e6f37281b7d2fa4076eb3c6b009af4922704e05b0628ed728b282064538342c3b5e4284aa034e853e76f3d7ad9

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    99691f5c0e16d0bf39155d35cc3e98d1

    SHA1

    5fb729268f80c690bf1688077667734ec97360b2

    SHA256

    f049961add5edf4afd266ab04bd04670d857cd72b0b7b077c6cd810d4477d63a

    SHA512

    26df47ca2a6886de181d168b8566cf980e223c6e44276fcefd9a1760cfa7011ab8e5559e4d3c8458fac410727b409e17f1c1e3157261fbb96ba17932bba28279

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize

    342B

    MD5

    2e105fe3e324cbac543ea29bd9d2d446

    SHA1

    39510b45fa2bb22cbffffc7a11c2c944dd65656b

    SHA256

    d03bdf5134782974b096b694d15cb34de4370b49c42ab9cbc543a4b70f6b146c

    SHA512

    56187b292bd27f96db4a03dffe643b1325859a1462160a1b370b654ffd2c6224617873936cf36da8778f588fa5f5b17a09b407e7f9755a9c218a44083147afe0

    Download Submit

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
    Filesize

    242B

    MD5

    73c2f5bec04d0423deba733dbac6efa2

    SHA1

    64e47ee3d1ad269694f633dd990742b1f88ccae0

    SHA256

    b564ccd4a72f756de2b5fd02913d9ff0fc40c5cd979d2d9d35047eed32f6f2a4

    SHA512

    3d07cbced5ddbc142dee9cef45dfa1d946142e88321b5ed2bf49aa7fb723192c142d08a7536ff857595e69b9c95d25de8269d045235127d2c0e66d19bf4ba94c

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\njqq61f\imagestore.dat
    Filesize

    1KB

    MD5

    df8234bc5bfe404e24f520fae70a799f

    SHA1

    f022e823a396eeb049a27512eb6d95927939b3d8

    SHA256

    f99f7d9696ddd57be407a79bdc8355f367e99bc3d92796b58c04bcd48de14c10

    SHA512

    cd872d9a2815eda834cb5b6330d88974c8cab65313c0fccb214f3741c2b0ae253ed951af2239d1323470c9f8f4728b5aea4fa18d8cb44203bb742737afe842fb

    Download Submit

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7CNUR30T\favicon[1].ico
    Filesize

    1KB

    MD5

    f2a495d85735b9a0ac65deb19c129985

    SHA1

    f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

    SHA256

    8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

    SHA512

    6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Cab61B.tmp
    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\Tar61C.tmp
    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

    Download Submit

  • memory/2112-0-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2112-6-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2112-7-0x0000000000270000-0x00000000002B6000-memory.dmp

    Filesize

    280KB

    Download

  • memory/2112-3-0x0000000000400000-0x0000000000487000-memory.dmp

    Filesize

    540KB

    Download

  • memory/2112-2-0x0000000000270000-0x00000000002B6000-memory.dmp

    Filesize

    280KB

    Download